I've been looking into an interesting problem over the past couple of days. Here is the scenario: Our front end client is pointing to our dev environment. The user signs in and we get back the sFrontToken and the sIRTFrontend token When the web app tries to logout using our api's logout endpoint, the server responds with a 440 and the request fails. Eventually i went into the supertokens db in our dev environment and cleared all the records in the session_info table and re-ran the steps mentioned above. This time we got a successful response